Last Comment Bug 174806 - AES keys don't have CKA_VALUE_LEN
: AES keys don't have CKA_VALUE_LEN
Product: NSS
Classification: Components
Component: Libraries (show other bugs)
: 3.6
: All All
: P1 normal (vote)
: 3.7
Assigned To: Robert Relyea
: Bishakha Banerjee
Depends on:
  Show dependency treegraph
Reported: 2002-10-16 11:49 PDT by Jamie Nicolson
Modified: 2002-11-08 11:24 PST (History)
0 users
See Also:
Crash Signature:
QA Whiteboard:
Iteration: ---
Points: ---

Add CKA_VALUE_LEN to the attributes returned for token secret keys. (923 bytes, patch)
2002-10-24 13:05 PDT, Robert Relyea
no flags Details | Diff | Splinter Review

Description Jamie Nicolson 2002-10-16 11:49:27 PDT
AES keys should have the CKA_VALUE_LEN attribute to say how long they are, so
that PK11_GetKeyLength and PK11_GetKeyStrength work properly. I think this
should happen in pkcs11.c:validateSecretKey, where it happens for all the other
variable-length secret key types.
Comment 1 Jamie Nicolson 2002-10-16 13:36:09 PDT
I should point out I'm using a token symmetric key. Looking into this a little
deeper, I see that pkcs11u.c:pk11_FindSecretKeyAttribute has no code to return
the CKA_VALUE_LEN field. So the problem may be there instead.
Comment 2 Robert Relyea 2002-10-24 10:56:16 PDT
I'll add the code, though the NSS's use of CKA_VALUE_LEN appears to be a
non-standard use. Longer term this should be raised with the pkcs #11 working group.

Comment 3 Robert Relyea 2002-10-24 13:05:21 PDT
Created attachment 104016 [details] [diff] [review]
Add CKA_VALUE_LEN to the attributes returned for token secret keys.
Comment 4 Robert Relyea 2002-11-08 11:24:58 PST
checked into tip.

Note You need to log in before you can comment on or make changes to this bug.